Adobe Commerce CVE-2024-34102 vulnerability in Adobe Products
Published on June 13, 2024

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.


Known Exploited Vulnerability

This Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

The following remediation steps are recommended / required by August 7, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis


Products Associated with CVE-2024-34102


What versions are vulnerable to CVE-2024-34102?